Script Encrypt

Have you ever wanted to encrypt a script so that it could only be run with the correct password?  Chances are… probably not.  However, in the off chance that you have, and your script is perfectly happy being piped through it’s interpreter (* See note below), then this script might work for you.  I make no guarantees or claims about how secure it might be, and it requires openssl to be installed to work. You can view the code or download it yourself at my BitBucket repo for Script Encrypt.

How does it work?

Basically, it takes openssl base64 output and appends it to the end of a stub script that’s charged with collecting the password and piping the decrypted script to the script’s interpreter.  I’ve even set up encrypted PHP command-line scripts this way.


Input Script, a very simple script that takes one argument and makes a plasma image:

convert -size 128x128  plasma:steelblue-steelblue $1

Output Script, with encrypted data truncated a bit.:

echo -n "Password: "
read -s PASS_19662
export PASS_19662
tail -n 2 $0 | openssl enc -d -aes-256-cbc -base64 -pass env:PASS_19662 > /dev/null #check password.
if [ $? -eq "0" ]; then tail -n 2 $0 |   openssl enc -d -aes-256-cbc -base64 -pass env:PASS_19662 | PASS_19662="" /bin/bash$

* Note: That is, you don’t pipe anything from itself, and you don’t use $0 for anything real important.

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>